Total
2842 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49842 | 1 Qualcomm | 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | |||||
| CVE-2024-23351 | 1 Qualcomm | 188 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 185 more | 2025-08-11 | N/A | 8.4 HIGH |
| Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | |||||
| CVE-2025-21470 | 1 Qualcomm | 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. | |||||
| CVE-2023-21673 | 1 Qualcomm | 326 Aqt1000, Aqt1000 Firmware, Ar8035 and 323 more | 2025-08-11 | N/A | 8.7 HIGH |
| Improper Access to the VM resource manager can lead to Memory Corruption. | |||||
| CVE-2025-21469 | 1 Qualcomm | 40 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 37 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. | |||||
| CVE-2025-54397 | 1 Netwrix | 1 Directory Manager | 2025-08-11 | N/A | 4.3 MEDIUM |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users. | |||||
| CVE-2025-8738 | 2025-08-08 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8504 | 1 Anisha | 1 Kitchen Treasure | 2025-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-51054 | 2025-08-07 | N/A | 6.5 MEDIUM | ||
| Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint. | |||||
| CVE-2024-42048 | 2025-08-07 | N/A | 6.5 MEDIUM | ||
| OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory. | |||||
| CVE-2024-55402 | 2025-08-07 | N/A | 5.3 MEDIUM | ||
| 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. | |||||
| CVE-2021-34753 | 1 Cisco | 1 Firepower Threat Defense Software | 2025-08-07 | N/A | 5.8 MEDIUM |
| A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should trigger and drop for the ENIP packet. | |||||
| CVE-2025-44657 | 1 Linksys | 2 Ea6350, Ea6350 Firmware | 2025-08-07 | N/A | 3.9 LOW |
| In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. | |||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | 5.4 MEDIUM |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | |||||
| CVE-2025-27062 | 2025-08-06 | N/A | 7.8 HIGH | ||
| Memory corruption while handling client exceptions, allowing unauthorized channel access. | |||||
| CVE-2025-30127 | 2025-08-06 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779. | |||||
| CVE-2025-46391 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
| CWE-284: Improper Access Control | |||||
| CVE-2024-42655 | 1 Emqx | 1 Nanomq | 2025-08-06 | N/A | 8.8 HIGH |
| An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. | |||||
| CVE-2025-8379 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-52289 | 1 Magnussolution | 1 Magnusbilling | 2025-08-06 | N/A | 8.0 HIGH |
| A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval. | |||||